On 06/15/2012 11:06 AM, abergvall wrote:
> Hi,
> I had to change certificates in our Userapplication jboss (UA3.7 patch
> E). The new cert is signed by our internal CA (not the eDir one), and
> all is well, the keystore has root of the CA and the signed server
> certificate.
> Jboss starts ok, and all is well on that part.
> Looking in the trace on the IDM server I do find errors when the Role
> and Resource service driver try to connect to the UA to do what it is
> supposed to do.
> 16:52:02 1728 Drvrs: Role and Resource ST:
> DirXML Log Event -------------------
> Driver: \IDV\Corp\res\IDV-DriverSet\Role and Resource Service Office
> Channel: Subscriber
> Status: Error
> Message: Unable to start Approval Workflow
> Workflow DN: ...
> Reason: java.lang.RuntimeException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> Thinking this is supposed to happen since I changed the certificates in
> the UA.
> Added our CA's root to the lib\security\cacerts keystore and restarted
> the driver. No difference.
> What did I miss? Probably lots of things...
> Any suggestions?
> br
> /Anders

You have to install the certificate into the cacerts file of the jre
that the IDM Engine(s) is running with and then restart eDirectory.
This must be done for each IDM server that could call to the UserApp via

Steven Williams
Lead Software Engineer
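
A way to confirm the reply's point about which cacerts file matters, as an added example that is not part of the original posts or any vendor tooling: run it with the `java` binary of the JRE the IDM engine uses, and it reports whether the CA root is in that JRE's trust store. The class name `CheckTrustStore` is hypothetical, and the default store password `changeit` is an assumption that holds only if the password was never changed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name). Written without Java 7+ syntax
// so it also compiles on older JREs.
public class CheckTrustStore {
    static InputStream open(String path) throws Exception {
        return new FileInputStream(path);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java CheckTrustStore <ca-root-cert> [cacerts-path] [storepass]");
            System.exit(2);
        }
        // Default trust store of the JRE that is executing this program.
        String path = args.length > 1 ? args[1]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        // Assumption: the store still uses the JDK default password.
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        InputStream certIn = open(args[0]);
        X509Certificate ca = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(certIn);
        certIn.close();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream storeIn = open(path);
        ks.load(storeIn, pass);
        storeIn.close();

        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + path + " (" + ks.size() + " entries)");
        System.out.println("CA subject  : " + ca.getSubjectX500Principal());
        ca.checkValidity(); // throws if the CA certificate is expired or not yet valid

        // Alias of the first entry holding exactly this certificate, or null.
        String alias = ks.getCertificateAlias(ca);
        if (alias == null) {
            System.out.println("RESULT: CA is NOT in this trust store; PKIX path building will fail");
            System.exit(1);
        }
        System.out.println("RESULT: CA present under alias '" + alias + "'");
    }
}
```

A "present" result with the handshake error still occurring points at a different JRE being in use or at the process not having been restarted since the import.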